https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 20 May 2026 22:38:50 +0000 https://db.gcve.eu/sighting/babe0dd0-1962-4834-b0d8-973163a05957/export {"uuid": "babe0dd0-1962-4834-b0d8-973163a05957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2607", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2607\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-21T21:00:10.948Z\n\ud83d\udccf Modified: 2025-03-21T21:00:10.948Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300590\n2. https://vuldb.com/?ctiid.300590\n3. https://vuldb.com/?submit.518021\n4. https://github.com/Jingyi-u/lzcms/tree/main", "creation_timestamp": "2025-03-21T21:21:56.000000Z"} {"uuid": "babe0dd0-1962-4834-b0d8-973163a05957", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2607", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2607\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-21T21:00:10.948Z\n\ud83d\udccf Modified: 2025-03-21T21:00:10.948Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300590\n2. https://vuldb.com/?ctiid.300590\n3. https://vuldb.com/?submit.518021\n4. https://github.com/Jingyi-u/lzcms/tree/main", "creation_timestamp": "2025-03-21T21:21:56.000000Z"} https://db.gcve.eu/sighting/babe0dd0-1962-4834-b0d8-973163a05957/export Fri, 21 Mar 2025 21:21:56 +0000 https://db.gcve.eu/sighting/e9122ee2-6541-40e3-b09c-f855f76249c8/export {"uuid": "e9122ee2-6541-40e3-b09c-f855f76249c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2607", "type": "seen", "source": "https://t.me/cvedetector/20844", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2607 - LzCMS-LaoZhangBoKeXiTong Unrestricted File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2607 \nPublished : March 21, 2025, 9:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-22T00:20:16.000000Z"} {"uuid": "e9122ee2-6541-40e3-b09c-f855f76249c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2607", "type": "seen", "source": "https://t.me/cvedetector/20844", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2607 - LzCMS-LaoZhangBoKeXiTong Unrestricted File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2607 \nPublished : March 21, 2025, 9:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-22T00:20:16.000000Z"} https://db.gcve.eu/sighting/e9122ee2-6541-40e3-b09c-f855f76249c8/export Sat, 22 Mar 2025 00:20:16 +0000 https://db.gcve.eu/sighting/4b4e15b4-f329-4664-97b1-dbc8acb4d95e/export {"uuid": "4b4e15b4-f329-4664-97b1-dbc8acb4d95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26074", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19946", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26074\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.\n\ud83d\udccf Published: 2025-06-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-30T16:45:02.565Z\n\ud83d\udd17 References:\n1. https://github.com/conductor-oss/conductor\n2. https://github.com/conductor-oss/conductor/blob/main/core/src/main/java/com/netflix/conductor/core/events/ScriptEvaluator.java\n3. https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb", "creation_timestamp": "2025-06-30T17:07:32.000000Z"} {"uuid": "4b4e15b4-f329-4664-97b1-dbc8acb4d95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26074", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19946", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26074\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.\n\ud83d\udccf Published: 2025-06-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-30T16:45:02.565Z\n\ud83d\udd17 References:\n1. https://github.com/conductor-oss/conductor\n2. https://github.com/conductor-oss/conductor/blob/main/core/src/main/java/com/netflix/conductor/core/events/ScriptEvaluator.java\n3. https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb", "creation_timestamp": "2025-06-30T17:07:32.000000Z"} https://db.gcve.eu/sighting/4b4e15b4-f329-4664-97b1-dbc8acb4d95e/export Mon, 30 Jun 2025 17:07:32 +0000 https://db.gcve.eu/sighting/7226cdfe-6361-45ad-98d1-156797ab272b/export {"uuid": "7226cdfe-6361-45ad-98d1-156797ab272b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-26074", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114774041391786813", "content": "", "creation_timestamp": "2025-06-30T19:48:08.214429Z"} {"uuid": "7226cdfe-6361-45ad-98d1-156797ab272b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-26074", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114774041391786813", "content": "", "creation_timestamp": "2025-06-30T19:48:08.214429Z"} https://db.gcve.eu/sighting/7226cdfe-6361-45ad-98d1-156797ab272b/export Mon, 30 Jun 2025 19:48:08 +0000 https://db.gcve.eu/sighting/eff6e019-9d6e-4500-8795-74c45f92690a/export {"uuid": "eff6e019-9d6e-4500-8795-74c45f92690a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26074", "type": "seen", "source": "https://bsky.app/profile/checkmarxzero.bsky.social/post/3lu3nn47qhs2d", "content": "", "creation_timestamp": "2025-07-16T14:42:16.959144Z"} {"uuid": "eff6e019-9d6e-4500-8795-74c45f92690a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26074", "type": "seen", "source": "https://bsky.app/profile/checkmarxzero.bsky.social/post/3lu3nn47qhs2d", "content": "", "creation_timestamp": "2025-07-16T14:42:16.959144Z"} https://db.gcve.eu/sighting/eff6e019-9d6e-4500-8795-74c45f92690a/export Wed, 16 Jul 2025 14:42:16 +0000 https://db.gcve.eu/sighting/f18120a6-14b9-4552-aa30-84443a7a604b/export {"uuid": "f18120a6-14b9-4552-aa30-84443a7a604b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2607", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:48.000000Z"} {"uuid": "f18120a6-14b9-4552-aa30-84443a7a604b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2607", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:48.000000Z"} https://db.gcve.eu/sighting/f18120a6-14b9-4552-aa30-84443a7a604b/export Mon, 11 Aug 2025 18:27:48 +0000 https://db.gcve.eu/sighting/288155a4-6a36-4b74-8d6f-6d092d441cd5/export {"uuid": "288155a4-6a36-4b74-8d6f-6d092d441cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26074", "type": "seen", "source": "https://gist.github.com/alon710/c85765ce27b6517378a7751dbbdc300f", "content": "", "creation_timestamp": "2026-01-24T21:32:21.000000Z"} {"uuid": "288155a4-6a36-4b74-8d6f-6d092d441cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26074", "type": "seen", "source": "https://gist.github.com/alon710/c85765ce27b6517378a7751dbbdc300f", "content": "", "creation_timestamp": "2026-01-24T21:32:21.000000Z"} https://db.gcve.eu/sighting/288155a4-6a36-4b74-8d6f-6d092d441cd5/export Sat, 24 Jan 2026 21:32:21 +0000